In the early hours of September 20, the Balancer DeFi protocol team announced that the frontend had been hacked and urged users to refrain from further use of the platform’s interface.
The balancer frontend is under an attack. The issue is currently under investigation. Please do NOT interact with the balancer UI until further notice!
— Balancer (@Balancer) September 19, 2023
According to on-chain data studied by analyst ZachXBT, the loss totaled about $238,000.
Stolen funds are being directed to this address
0x645710Af050E26bB96e295bdfB75B4a878088d7E
~$238k stolen so far pic.twitter.com/rwMybBaLoA
— ZachXBT (@zachxbt) September 20, 2023
Balancer’s developers are still investigating the incident, and it is not yet known whether user funds were affected. A project representative in the Discord channel, Cosme Fulanito confirmed that the treasury was 100% in order.
Balancer is a community-governed protocol on the Ethereum network, launched in 2020. It functions as an automated portfolio manager, liquidity provider and price tracker.
The platform supports seven EVM-compatible networks. According to DeFi Llama, the total value of assets locked in Balancer v2 stands at $608 million.
The protocol also has a governance token, BAL. According to CoinGecko, at the time of writing the token traded at about $3.27, down 2.5% over the past 24 hours.
Following the frontend hack, some users reported that interacting with the website prompted them to approve a malicious contract that drains funds from wallets.
Massive Balancer HACK ?@Balancer was hacked
If you open the website it asks you to change the chain, where you hold the most amount of money
After that scam transaction is sent, after confirmation money are gone
Don’t open the website!!!
Maximum repost pic.twitter.com/d0jYDTeatf
— Hanzo ㊗️ (@DeFi_Hanzo) September 19, 2023
«If you open the website, it will ask you to change the chain in which you hold the largest amount of assets. After you confirm the fraudulent transaction, the money will disappear. Do not open the site», warned one community member.
When attempting to access Balancer through a browser, a phishing warning appeared for a time.
On-chain data show that the hacker transferred part of the funds to the Avalanche blockchain as wrapped ETH and carried out a test transaction via the mixer Tornado Cash.
Over the past month, Balancer has already endured a second attack. On August 22, the project team reported a bug related to liquidity pools. Assets deployed on Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Gnosis, Fantom and zkEVM were at risk. Experts estimated the damage from the breach at $900,000.
Following the recent incident, HashKey co-founder Ben El-Baz questioned how to defend against attacks on Web 2.0 interfaces of applications when using digital assets.
The lead developer and founder of Dappling Network, known as 0xBookland, advised ordinary users to employ security extensions such as Joinfire. He urged protocols to improve website update monitoring and threat-alert systems.
For users, there are some extensions like @_joinfire
For protocols, the best solution is probably setting up monitoring that:
* Looks at where the frontend is pointing to
* What contracts the frontend is interacting withand if those don’t ever match what is expecting, sent…
— russell ( bookland ) (@0xBookland) September 20, 2023
«On-chain DNS — is no longer simply an option; it is a necessity. This was a 100% DNS hijack, say Decentraweb representatives.
A previously unknown attacked the Solana-based decentralized exchange Cypher and siphoned off about $1 million in crypto assets.
Recall that in August, the yield aggregator Zunami Protocol was hacked, losing digital assets worth $2.1 million.
In the same month, a hacker broke into the DeFi project Exactly Protocol for $12 million, exploiting a vulnerability in the smart contract.